Excerpted From Hartford Insurance:
“I have a client who was the victim of a ransomware attack. As a result of this attack, all her files were locked and encrypted. She was told that if she paid $100, she would get a “key” with a special code to decrypt her files. They wanted the $100 to be paid in Bitcoin. She didn’t know what to do. However, the ransomware attackers provided a toll-free number for her to call.
A toll-free number. To call the ransomware attackers. So she did. ‘They walked me through the entire process.’”
Ransomware has become such a huge industry ($4 billion a year, according to the FBI) that the people orchestrating these attacks literally have customer service departments.
If your business hasn’t been the victim of a ransomware attack, or a “phishing” scam (for example, your CEO is impersonated on an email asking for confidential information), or a malware attack that creates havoc on your platform just for fun, you’re lucky.
And in another statistic from security firm PurpleSec, the victims of cybercrime were up more than 600% in 2020 due to the pandemic.
Data security was a huge issue before COVID. And it’s an even bigger problem now with many employees working from home. Home computers that are shared with other family members are not exactly the most secure environment.
Once a device is compromised, your network is compromised. If your network is compromised, your customer data can be breached or files locked down or stolen. The result: potential lawsuits and interruptions or even termination of your business.
So, what to do? Here are six things you need to do immediately.
- Buy security software. There are plenty of good choices out there. But make sure this software is installed on all devices used by your employees, even their home devices.
- Set up online backup. Make sure your databases — cloud or otherwise — are backed up multiple times per day. Use cloud services like Carbonite or others. This way if you are attacked, you have the option to wipe everything clean and restore from your last good backup.
- Get training. We need to be able to better identify “phishing” emails and other potential threats. The only way to do this is through regular training.
- Revisit passwords. Require the use of password management software to create long, complicated passwords. And make sure there’s multi-factor authentication to access anything on your network.
- Update everyone’s operating systems. Unfortunately, people sometimes ignore updates because they’re annoying. But don’t let this happen. Updates need to be required, and again, you may need the services of an IT firm to make sure this is being done.
- Get cyber insurance. The sad fact is that none of the above actions are foolproof, and cybercriminals are always going to be one step ahead. So when all else fails, having protection for the liabilities — and potential business interruptions — caused by theft or fraud is your best bet.
While none are foolproof, the more obstacles you put in the way of the cyber thieves, the higher the chance they’ll get frustrated and move on to easier pickings.